Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nullsoft nullsoft scriptable install system vulnerabilities and exploits
(subscribe to this query)
9.3
CVSSv2
CVE-2015-9268
Nullsoft Scriptable Install System (NSIS) prior to 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime.
Nullsoft Nullsoft Scriptable Install System
Debian Debian Linux 8.0
4.3
CVSSv2
CVE-2015-0941
The Inetc plugin for Nullsoft Scriptable Install System (NSIS), as used in CERT/CC Failure Observation Engine (FOE) and other products, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and possibly execute arbitr...
Inetc Project Inetc
1 Github repository
3.6
CVSSv2
CVE-2015-9267
Nullsoft Scriptable Install System (NSIS) prior to 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program.
Nullsoft Nullsoft Scriptable Install System
Debian Debian Linux 8.0
NA
CVE-2023-37378
Nullsoft Scriptable Install System (NSIS) prior to 3.09 mishandles access control for an uninstaller directory.
Nullsoft Nullsoft Scriptable Install System
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started